upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-22 23:03:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 78

Merge pull request #2706 from owncloud/random_is_random_and_not_time

Browse source 
Use a more random source...
This commit is contained in:
Bart Visscher 2013-04-04 00:48:21 -07:00
commit 2f19629407
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/setup.php
View file

@ -243,7 +243,7 @@ class OC_Setup {
$dbusername=substr('oc_'.$username, 0, 16);
if($dbusername!=$oldUser) {
//hash the password so we don't need to store the admin config in the config file
$dbpassword=md5(time().$dbpass);
$dbpassword=OC_Util::generate_random_bytes(30);
self::createDBUser($dbusername, $dbpassword, $connection);
@ -333,7 +333,7 @@ class OC_Setup {
//add prefix to the postgresql user name to prevent collisions
$dbusername='oc_'.$username;
//create a new password so we don't need to store the admin config in the config file
$dbpassword=md5(time());
$dbpassword=OC_Util::generate_random_bytes(30);
self::pg_createDBUser($dbusername, $dbpassword, $connection);
@ -476,7 +476,7 @@ class OC_Setup {
//add prefix to the oracle user name to prevent collisions
$dbusername='oc_'.$username;
//create a new password so we don't need to store the admin config in the config file
$dbpassword=md5(time().$dbpass);
$dbpassword=OC_Util::generate_random_bytes(30);
//oracle passwords are treated as identifiers:
// must start with aphanumeric char